The Office of the Australian Information Commissioner (OAIC) has now released its first quarterly report since the Mandatory Data Breaches Regime commenced in February 2018. The statistics are alarming:
(a) 242 notifications were received;
(b) Over one million Australians were affected;
(c) 59% of the breaches involved criminal attacks;
(d) 36% of the breaches involved human error;
(e) 97% of the criminal attacks are cyber attacks;
(f) 42% involved personal information;
(g) 39% involved identity theft;
(h) 19% involved tax file numbers.
These statistics show that the solutions to data breaches are not solely technology based but people based. Throwing money at technology will not help if your staff will open the scam email, or leave their laptop or USB stick on public transport, or a Gloria Jean’s cafe.
As stated in our February newsletter we suggest a three‑step process for business to comply namely:
(a) review all information security arrangements including data both in hard copy and soft copy;
(b) prepare a data breach response plan;
(c) instigate training of all staff both as to the risks of cyber security breaches and the information security arrangements and the management and reporting of data breaches to individuals and the OAIC.
In an era where the trust of your company is critical to not only its future growth but its future survival then one way to ingrain trust in your business is to properly manage the personal data which any business does collect and retain.
If you require further information both to the requirements under the new data reporting regime or wish to discuss the cyber security arrangements of your business, then please contact Stephen Jenkins, Partner – Intellectual Property
P: +61 2 8022 1222 | F: +61 2 8022 1221 | D: +61 437 008 253
Madison Marcus Law Firm produced this article. It is intended to provide general information in summary form on legal topics, current at the time of first publication. The contents do not constitute legal advice and should not be relied upon as such. Formal legal advice should be sought in particular matters.